EP2851838A1 - Verfahren und Vorrichtung für Sicherheitsdomänenverwaltung in einer vertrauten Ausführungsumgebung - Google Patents

Verfahren und Vorrichtung für Sicherheitsdomänenverwaltung in einer vertrauten Ausführungsumgebung Download PDF

Info

Publication number
EP2851838A1
EP2851838A1 EP14185981.9A EP14185981A EP2851838A1 EP 2851838 A1 EP2851838 A1 EP 2851838A1 EP 14185981 A EP14185981 A EP 14185981A EP 2851838 A1 EP2851838 A1 EP 2851838A1
Authority
EP
European Patent Office
Prior art keywords
security domain
event
arbitrary
information related
domain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP14185981.9A
Other languages
English (en)
French (fr)
Other versions
EP2851838B1 (de
Inventor
Bo Gyeong Kang
Byung Rae Lee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Publication of EP2851838A1 publication Critical patent/EP2851838A1/de
Application granted granted Critical
Publication of EP2851838B1 publication Critical patent/EP2851838B1/de
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/82Miscellaneous aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services

Definitions

  • the present invention relates generally to a method and apparatus for security domain management in a trusted execution environment, and more particularly, to a method and an apparatus for controlling a communication between the security domains.
  • a current GlobalPlatformTM standard 1.0 defines a Trusted Execution Environment (TEE).
  • FIG. 1 is a diagram illustrating an example of a TEE management structure.
  • the TEE defined by the standard specifies a configuration of a security domain within the TEE to assign a security right, and manage a life cycle of trusted applications according to the assigned security right.
  • Each security domain is strictly isolated, and is configured in such a manner to prevent the mutual exchange of information.
  • the security domain represents each managing entity within a terminal, and may be configured in several ways.
  • a typical approach is that an application mounted in the TEE executes functions on behalf of a remote rights holder.
  • a terminal manufacturer may implement a built-in security domain application in the terminal, so that a lifecycle (e.g., lock, unlock, update, etc.) of the TEE and other security domains may be managed by using the built-in security domain application.
  • a trusted application provider enables a security domain to be controlled under management of a specific domain or a root domain. Accordingly, when a service, such as a user terminal change or a security domain migration by a security domain manager, is performed, ally domains (i.e., a domain defined as having an association relationship with a corresponding domain) may not be able to perform a necessary service as they are not able to recognize the service.
  • a service such as a user terminal change or a security domain migration by a security domain manager
  • the present invention has been made address the above disadvantages and to provide at least the advantages described below.
  • an aspect of the present invention is to provide a method for sharing minimum information between security domains.
  • a security domain management method for managing at least one security domain in a trusted execution environment (TEE) including the at least one security domain.
  • the method includes obtaining information related to an event for an arbitrary security domain when the event for the arbitrary security event is generated; and transmitting the information related to the event to at least one other security domain, wherein the information related to the event is sent via a TEE kernel.
  • TEE trusted execution environment
  • a Security Domain refers to an area which is logically separated to manage the applications of the TEE, where each security domain is managed independently by using a different security key.
  • an ally domain refers to a domain which is defined as having an association relationship with an arbitrary domain.
  • the security domains configuring the TEE may be composed of various combinations of a root security domain, a nested security domain, and forms having a specific function. Each form may have a different method of controlling a security domain and a different isolation type than another domain.
  • the present invention configures a TEE to form an information channel between security domains.
  • the information channel serves as a path by which minimum information, which is mutually available between the security domains, migrates.
  • the information channel is provided by a kernel (i.e., TEE kernel) that controls the TEE, where the kernel may be referred to as a controller in various embodiments of the present invention.
  • the TA property is designated as a null value.
  • each security domain is able to directly generate and manage a specific event buffer to notify its own state, in addition to the system event buffer.
  • the event buffer for a specific security domain is managed so that another security domain is only able to read, except for the security domain that manages a corresponding event buffer, and other security domains are permitted access to a corresponding event buffer via the notification service.
  • a notification service registration procedure of FIG. 4 is performed when a security domain application is installed.
  • the TEE kernel check a TA_property value set by a domain owner via the notification service in step 401.
  • step 403 if the security domain is registered in the notification service, thereafter, the notification service notifies of information related to an event generated from an arbitrary security domain to the registered security domain according to registration information.
  • step 404 when the notification service is provided, the notification service receives a modification request corresponding to the content which is automatically registered in the notification service from the security domain.
  • the security domain adds or cancels the registration of the arbitrary event buffer, or requests a termination of a push notification for event information.
  • step 405 when receiving the modification request, the notification service performs the notification service of the security domain according to newly registered information according to the modification request.
  • FIG. 5 is a flowchart of a method of managing an event buffer by a security domain according to an embodiment of the present invention.
  • the security domain application retrieves kernel property->notification_service information in step 501.
  • the security domain application requests the TEE kernel to allocate a specific event buffer dedicated to the security domain application in step 502.
  • the TEE kernel which received the request generates an event buffer for a corresponding security domain, and allocates the generated event buffer to a corresponding security domain.
  • the security domain application generates an ally domain list corresponding to the security domain, and provides the ally domain list to the TEE kernel.
  • the security domain application identifies a list of the domains that may receive the notification service in addition to the ally domain which has a relationship with the security domain application.
  • the security domains registered in the ally domain list of the corresponding security domain obtain event information by accessing a corresponding event buffer, or receive event information via the TEE kernel. Then, the security domain obtains event information via an information channel provided by the TEE kernel. Thus, in the TEE according to the present invention, the security domains share event information mutually by using the information channel.
  • step 504 the security domain updates and manages the ally domain list during a life time of the event buffer.
  • the security domain selects/manages a security domain with which the event generation fact is shared.
  • step 505 when the lift time of the event buffer is terminated, the security domain deletes the event buffer allocated to the TEE kernel, and requests release of memory.
  • the TEE kernel that received the request deletes the event buffer allocated for a corresponding security domain.
  • FIG. 6 is a flowchart of a method of searching a readable event buffer by a security domain according to an embodiment of the present invention.
  • the security domain gets the event buffer list by requesting the event buffer list of the notification service in step 602. That is, the security domain is registered as a public type event buffer of the ally domain that has an association relationship with the security domain itself, and requests the list of event buffers to which the security domain itself is able to access.
  • the notification service which received the request, returns information related to the public event buffer and event buffers allocated to the ally domain of the corresponding security domain to the security domain.
  • the security domain obtains event information from the event buffers which exist in the list by using the received event buffer list. That is, the security domain directly fetches event information via an information channel by accessing the event buffer in the list, or receives event information by requesting information of the corresponding event buffers to the TEE kernel.
  • FIG. 7 is a flowchart of a method of searching and registering readable event buffers by a security domain according to an embodiment of the present invention.
  • the security domain application retrieves kernel_property->notification_service information in step 701.
  • step 703 the security domain registers itself with the selected buffer as the ally domain by using an Interface (I/F) of the notification service.
  • I/F Interface
  • TEE_NotifyEvent (parameters as specified below);
  • the notification may be delivered via a push or a notification service.
  • FIG. 8 is a diagram illustrating an event descriptor according to an embodiment of the present invention.
  • the event descriptor is configured to include a UUID of a source security domain application, an event tag, a timestamp that signifies a start and end of an effective period, and an opaque descriptor which includes other information.
  • FIG. 9 is a diagram illustrating an event descriptor according to an embodiment of the present invention.
  • the event descriptor is defined for an effective event scheduling between the ally domains as a simplified form of the event descriptor of FIG. 8 .
  • FIG. 10 is a flowchart of a method of scheduling an event by using an effective_tag parameter between ally security domains according to an embodiment of the present invention.
  • the source security domain defines an internal event subsequent to an event of the ally domains.
  • the source security domain sets the effective_tag parameter to "10", and records it in the private event buffer.
  • the source security domain collects the notifications of the interested ally security domains, and initiates an execution of a response event when the response is requested, in step 1020. To this end, the source security domain sets the effective_tag parameter to "00", and generates an event scheduling description to load into the private or public buffer.
  • the target domain acknowledges this event, and initiates an execution of a response event, in step 1030 and step 1040.
  • the target event sets the effective_tag parameter to "11", and generates an event scheduling description to load into the private or public buffer.
  • FIG. 11 is a block diagram of a security domain management apparatus according to an embodiment of the present invention.
  • the security domain management apparatus 1100 that performs an operation according to an embodiment of the present invention is configured to include a communication unit 1110, a controller 1120, and a storage unit 1130.
  • the communication unit 1110 is configured to communicate data with an external apparatus. Via the data communication with the external apparatus, the communication unit 1110 downloads a security domain and a security application related to the security domain, or transmits to another apparatus.
  • the controller 1120 controls other elements to perform an operation according to an embodiment of the present invention.
  • the controller 1120 manages at least one security domain in a TEE that includes at least one security domain.
  • the controller 1120 obtains information related to an event from a corresponding security domain, and delivers the information related to the event to at least one other domain.
  • the controller 1120 may be a TEE kernel, may be configured to include a TEE kernel, and may deliver the information related to the event to the security domain via an information channel which is generated and provided by the TEE kernel.
  • Information that can be transmitted via the information channel may be, for example, information related to scheduling, maintenance, ownership change, domain migration, a state change of a security application or another security domain related to the arbitrary security domain, or the like.
  • the controller 1120 registers the security domain in the notification service when installing the security domain.
  • the controller 1120 obtains property information of the security domain desired to be installed, and registers the security domain in the notification service according to the property information so that a corresponding security domain may receive event information generated from another security domain.
  • the property information of the security domain may be, for example, a TA_property, and the controller 1120 may register a corresponding security domain in the notification service when the TA_property value is not null.
  • the notification of event information may be implemented via a TEE_NotifyEvent function.
  • the controller 1120 generates and manages an ally domain list of the security domain to which an event buffer is allocated by connecting to the event buffer.
  • the controller 1120 renews a corresponding list, and stores identification information of an ally domain desired to be added in the list.
  • the change/renewal of the ally domain list may be implemented by a TEE_ModifyEventBuffer function.
  • the controller 1120 receives, from a security domain, a request of the event buffer list allocated to ally domains having an alliance with a corresponding security domain. In this case, the controller 1120 extracts an event buffer list, and transmits to a security domain via a TEE_GetEvenBufferList function.
  • the storage unit 1130 stores at least one security domain/security application.
  • the storage unit 1130 stores a program code to implement the above described function, and the controller 1120 performs the above described operation by loading a code stored in the storage unit 1130.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
EP14185981.9A 2013-09-24 2014-09-23 Verfahren und vorrichtung für sicherheitsdomänenverwaltung in einer vertrauten ausführungsumgebung Active EP2851838B1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130113285A KR102132218B1 (ko) 2013-09-24 2013-09-24 신뢰하는 실행 환경에서의 보안 도메인 관리 방법 및 장치

Publications (2)

Publication Number Publication Date
EP2851838A1 true EP2851838A1 (de) 2015-03-25
EP2851838B1 EP2851838B1 (de) 2021-04-28

Family

ID=51627975

Family Applications (1)

Application Number Title Priority Date Filing Date
EP14185981.9A Active EP2851838B1 (de) 2013-09-24 2014-09-23 Verfahren und vorrichtung für sicherheitsdomänenverwaltung in einer vertrauten ausführungsumgebung

Country Status (3)

Country Link
US (1) US10110510B2 (de)
EP (1) EP2851838B1 (de)
KR (1) KR102132218B1 (de)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108076023A (zh) * 2016-11-16 2018-05-25 中国移动通信有限公司研究院 一种根安全域的创建方法、装置及终端

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021142849A1 (zh) * 2020-01-19 2021-07-22 Oppo广东移动通信有限公司 安全域的配置、发现和加入方法及装置、电子设备
US20220006637A1 (en) * 2021-09-16 2022-01-06 Intel Corporation File system supporting remote attestation-based secrets
WO2023216035A1 (zh) * 2022-05-07 2023-11-16 Oppo广东移动通信有限公司 安全域管理方法、装置、设备、存储介质及程序产品

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8271996B1 (en) * 2008-09-29 2012-09-18 Emc Corporation Event queues

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7243230B2 (en) 2001-11-16 2007-07-10 Microsoft Corporation Transferring application secrets in a trusted operating system environment
US7530103B2 (en) * 2003-08-07 2009-05-05 Microsoft Corporation Projection of trustworthiness from a trusted environment to an untrusted environment
WO2005036407A1 (ja) * 2003-10-14 2005-04-21 Matsushita Electric Industrial Co., Ltd. コンテンツ配信方法及びコンテンツサーバ
US8528063B2 (en) * 2004-03-31 2013-09-03 International Business Machines Corporation Cross domain security information conversion
US8074262B2 (en) 2005-05-13 2011-12-06 Intel Corporation Method and apparatus for migrating virtual trusted platform modules
US8244826B2 (en) * 2007-10-23 2012-08-14 International Business Machines Corporation Providing a memory region or memory window access notification on a system area network
US8127131B2 (en) * 2008-04-10 2012-02-28 Telefonaktiebolaget Lm Ericsson (Publ) System and method for efficient security domain translation and data transfer
US8286231B2 (en) * 2009-01-28 2012-10-09 The Boeing Company System and method for information sharing between non-secure devices
JP5524878B2 (ja) 2011-02-22 2014-06-18 日立電線ネットワークス株式会社 検疫ネットワークシステム
GB2499787B (en) * 2012-02-23 2015-05-20 Liberty Vaults Ltd Mobile phone
US8837733B2 (en) * 2012-05-16 2014-09-16 Intel Corporation System for protection and authentication of location services with distributed security
US8844026B2 (en) * 2012-06-01 2014-09-23 Blackberry Limited System and method for controlling access to secure resources
US8782423B2 (en) * 2012-06-19 2014-07-15 Microsoft Corporation Network based management of protected data sets
US9369867B2 (en) * 2012-06-29 2016-06-14 Intel Corporation Mobile platform software update with secure authentication
US8954735B2 (en) * 2012-09-28 2015-02-10 Intel Corporation Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware
CN107944271A (zh) * 2013-03-14 2018-04-20 英特尔公司 到安全操作系统环境的基于上下文的切换
US9852299B2 (en) * 2013-09-27 2017-12-26 Intel Corporation Protection scheme for remotely-stored data
CN105723760B (zh) * 2013-11-19 2020-09-04 瑞典爱立信有限公司 简档改变管理

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8271996B1 (en) * 2008-09-29 2012-09-18 Emc Corporation Event queues

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"GlobalPlatform Device Technology TEE System Architecture", 1 December 2011 (2011-12-01), pages 1 - 24, XP055117057, Retrieved from the Internet <URL:http://www.globalplatform.org/specificationsdevice.asp> [retrieved on 20140508] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108076023A (zh) * 2016-11-16 2018-05-25 中国移动通信有限公司研究院 一种根安全域的创建方法、装置及终端
CN108076023B (zh) * 2016-11-16 2021-01-15 中国移动通信有限公司研究院 一种根安全域的创建方法、装置及终端

Also Published As

Publication number Publication date
KR20150033368A (ko) 2015-04-01
KR102132218B1 (ko) 2020-07-09
US10110510B2 (en) 2018-10-23
EP2851838B1 (de) 2021-04-28
US20150089069A1 (en) 2015-03-26

Similar Documents

Publication Publication Date Title
CN109478134B (zh) 用跨账户别名执行按需网络代码
KR101626117B1 (ko) 클라우드 스토리지를 제공하는 클라이언트, 중개 서버 및 방법
KR102245367B1 (ko) 무선 통신 시스템에서 특정 리소스에 대한 접근 권한을 인증하기 위한 방법 및 장치
US7340522B1 (en) Method and system for pinning a resource having an affinity to a user for resource allocation
KR101366965B1 (ko) 프로세스간 통신을 통해 자원들을 공유하는 방법, 장치 및 컴퓨터 프로그램 제품
CN110352401B (zh) 具有按需代码执行能力的本地装置协调器
JP6738965B2 (ja) ネットワークサービスライフサイクル管理許可方法及び装置
US10110510B2 (en) Method and apparatus for security domain management in trusted execution environment
US20220263711A1 (en) Acceleration Resource Scheduling Method and Apparatus, and Acceleration System
WO2014112781A1 (ko) 무선 통신 시스템에서 접근 제어를 위한 방법 및 장치
US11741022B2 (en) Fine grained memory and heap management for sharable entities across coordinating participants in database environment
WO2014069968A1 (ko) 무선 통신 시스템에서 특정 리소스에 대한 정보 갱신을 위한 방법 및 장치
US20160070475A1 (en) Memory Management Method, Apparatus, and System
JP5352367B2 (ja) 仮想マシン起動端末および仮想マシン起動プログラム
CN109964507A (zh) 网络功能的管理方法、管理单元及系统
US9037744B2 (en) Information processing apparatus, information processing system, message control method, and program product, storage medium
US20220382590A1 (en) Cloud provider account mappings
WO2016179803A1 (zh) 建立vnfm与vim之间的连接的方法、装置及系统
CN110798504A (zh) 跨区域共享服务的方法、装置、管理设备及存储介质
US20210256600A1 (en) Connector leasing for long-running software operations
CN114064317A (zh) 分布式系统中的节点调用方法及相关装置
US9270530B1 (en) Managing imaging of multiple computing devices
JP6062809B2 (ja) 資産管理システム及び資産管理方法
KR20190074723A (ko) 원격 컴퓨팅 서비스 제공 시스템 및 방법
WO2017076129A1 (zh) 角色颁发方法、访问控制方法及相关设备

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20140923

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

R17P Request for examination filed (corrected)

Effective date: 20150925

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20171115

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIN1 Information on inventor provided before grant (corrected)

Inventor name: KANG, BO GYEONG

Inventor name: LEE, BYUNG RAE

INTG Intention to grant announced

Effective date: 20201203

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602014076944

Country of ref document: DE

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1387907

Country of ref document: AT

Kind code of ref document: T

Effective date: 20210515

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG9D

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1387907

Country of ref document: AT

Kind code of ref document: T

Effective date: 20210428

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210728

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210828

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210729

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210728

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210830

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20210428

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602014076944

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20220131

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20210930

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210828

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210923

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210923

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210930

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210930

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210930

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210930

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20140923

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20230821

Year of fee payment: 10

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20230822

Year of fee payment: 10

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20210428